Steve

Reputation: 81

ASP.NET Forms Authorization

I'm working on a website built with pure HTML and CSS, and I need a way to restrict access to pages located within particular directories within the site. The solution I came up with was, of course, ASP.NET Forms Authorization. I created the default Visual Studio log in form and set up the users, roles, and access restrictions with Visual Studio's wizard. The problem is, I can't log in to the website with the credentials that I have set.

I'm using IIS 7.

Upvotes: 0

Views: 750

Answers (5)

Brad Crandell

Reputation: 850

Steve,

I don't think the issue is with your IIS settings. Because forms authentication does not rely on IIS authentication, you should configure anonymous access for your application in IIS if you intend to use forms authentication in your ASP.NET application.

Try this in your web.config:

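<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <!-- Use ASP.NET forms authentication; unauthenticated requests are redirected to loginUrl -->
    <authentication mode="Forms" >
      <forms loginUrl="~/login.aspx" defaultUrl="~/">
        <!-- Credentials stored in clear text in the config file -->
        <credentials passwordFormat="Clear">
          <user name="YourUsername" password="superSecret" />
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <!-- "?" matches anonymous (unauthenticated) users -->
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>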

There are better ways to implement forms authentication than hardcoding a username and password into your web.config, but this should work for getting you started.

Upvotes: 0

Mark Brackett

Reputation: 85665

I'd guess (since I don't have IIS7 handy ATM) that you'd need to turn off Anonymous Auth, and enable Forms Auth in the IIS7 sections.

Upvotes: 2

Steve

Reputation: 81

The web.config section is pretty useless as far as I can tell:

<authentication mode="Forms" />

I looked in IIS 7, and in the Authentication section it says: Anonymous Authentication = Enabled, ASP.NET Impersonation = Disabled, Basic Authentication = Disabled, Forms Authentication = Disabled.

Also, I have made no changes to the code other than dragging a Login object onto the designer and changing the page it points at to index.html.

Currently, the log in fails by displaying the log in failed text.

EDIT: Earlier when I would try to navigate directly to a page that is restricted, I would receive a blue page saying that I had insufficient permissions. Now I can see the pages that are restricted without logging in even though I have anon access denied.

Upvotes: 0

FlySwat

Reputation: 175713

At what point did you insert your login/password? Did you have a look at the tables that were created? Although your password must be encrypted, maybe it's worth just checking if your user was actually created.

Forms Authentication does not require any form of user database.

Steve, can you please paste in your forms authentication web.config section, also any relevant code to the ASP.NET Login control you were using.

There is not enough information to troubleshoot here yet :)

Upvotes: 0

jdecuyper

Reputation: 3963

At what point did you insert your login/password? Did you have a look at the tables that were created? Although your password must be encrypted, maybe it's worth just checking if your user was actually created.

Upvotes: 0
